Other versions and devices may also be affected by this vulnerability.

============ Shodan Dorks ============

Shodan search: Server: Linux, HTTP/1.1, DIR
=> 9300 results

============ Vulnerability Overview: ============

OS Command Injection

The vulnerability is caused by missing input validation of the dst parameter combined with missing session validation, and can be exploited to inject and execute arbitrary shell commands.

WARNING: You do not need to be authenticated to the device to insert and execute malicious commands.

Hint: On some devices, such as the DIR-645, wget is preinstalled and you are able to upload and execute your malicious code.
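The two missing checks named in the overview, sketched as a hardened request handler. This is an added example, not the vendor's firmware code. It assumes dst names a network destination (the advisory does not say what the firmware does with it); handle_request, session_is_valid, dst_is_safe, the fixed session token and /bin/ping are hypothetical stand-ins.

```c
#include <ctype.h>
#include <string.h>

#define DST_MAX 253   /* longest legal DNS name */
/* Constructed sample token; real firmware would query its session store. */
static const char *ACTIVE_SESSION = "constructed-session-token";

/* Constant-time compare so the check does not leak how many bytes matched. */
static int session_is_valid(const char *tok)
{
    size_t n = strlen(ACTIVE_SESSION);
    unsigned char diff = 0;
    if (tok == NULL || strlen(tok) != n) return 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(tok[i] ^ ACTIVE_SESSION[i]);
    return diff == 0;
}

/* Allowlist: letters, digits, '.' and '-' only. The first byte must be
   alphanumeric so the value can never be parsed as a command-line option. */
int dst_is_safe(const char *dst)
{
    size_t len = dst ? strlen(dst) : 0;
    if (len == 0 || len > DST_MAX || !isalnum((unsigned char)dst[0]))
        return 0;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)dst[i];
        if (!isalnum(c) && c != '.' && c != '-')
            return 0;
    }
    return 1;
}

/* Returns an HTTP status. On 200, argv is an argument vector for execv(),
   so dst is passed as one argument and no shell ever parses it. */
int handle_request(const char *session, const char *dst, const char *argv[5])
{
    if (!session_is_valid(session)) return 401;  /* session check first */
    if (!dst_is_safe(dst))          return 400;  /* then input validation */
    argv[0] = "/bin/ping"; argv[1] = "-c"; argv[2] = "1";
    argv[3] = dst;         argv[4] = NULL;
    return 200;
}

int main(void)
{
    const char *argv[5];
    return handle_request(ACTIVE_SESSION, "192.0.2.10", argv) == 200 ? 0 : 1;
}
```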
